Description

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

[0001] The present invention relates to a system, client and server for performing biological authentication by comparing biological data of a user and registered reference biological data.

2. Description of the Related Art 

[0002] Highly precise personal authentication technologies are increasingly important in IT (information technology) systems. In particular, biological authentication, which performs personal authentication by using biological information, is attracting attention. Biological authentication authenticates a user by reading biological information such as fingerprints, a palm vein pattern or an iris with an input device, creating biological data by extracting features of the biological information, and comparing it with registered reference biological data. Biological authentication is highly familiar to general users and is highly usable because the inconvenience of password input and the load of secret management are not imposed on users, illegal use is not easy, and the security is high.

[0003] On the other hand, the biological data obtained each time an authentication operation is performed is not strictly identical. Therefore, in comparing it with reference biological data, the success or failure of the authentication must be determined by defining a threshold value for the degree of agreement between the data. If the threshold value is set high, the created biological data may vary largely depending on the biological state and/or the way the biological information is input, which results in authentication failure even though the user is the genuine person, and inconveniences the user. On the other hand, if the threshold value is set low in order not to inconvenience users, a comparison with biological data of a different person is highly likely to result in authentication success.

[0004] One method is to increase the amount of biological information to be obtained in order to increase the success rate of the authentication and decrease the improper authentication rate. However, since increasing the amount of information to be obtained and compared increases the complexity of the input device and also increases the amount of data to be handled, the prices of the authentication systems and services are increased. Accordingly, some fields may desire authentication systems at low prices. For example, a possible application is that a mobile terminal or a personally-owned terminal connected to a network is used to obtain biological data, and a service provider checks a personal identity through biological authentication to provide a service and/or an access right. In a typical example, the biological authentication may be used for payment processing in online shopping using a mobile terminal. For such a personally-owned terminal, extremely inexpensive and simple input devices and authentication systems are desired. Therefore, a highly usable biological authentication technology is desired that is low in price but has a high authentication success rate and a low improper authentication rate, and does not require complex operations such as password input.

[0005] Regarding the biological authentication, technologies such as the one disclosed in Patent Document 1 have been proposed.

[0006] There are, for example, techniques described in Japanese Unexamined Patent Application Publication No. 2000-259278.

SUMMARY OF THE INVENTION 

[0007] According to an embodiment of a first aspect of the present invention, there is provided a biometric authentication method comprising obtaining biometric data of a user by inputting biometric information of the user by a client, sending said biometric data obtained by the client and identification information of the client to a server, performing authentication of the user by the server on the basis of said biometric data and said identification information received by the server and reference biometric data of the user and reference identification information of the client stored in the server.

[0008] According to an embodiment of the present invention, user authentication is performed based on biological data of a user, which is obtained and created in a client, and information from which the client is identifiable. Therefore, a biological authentication system can be realized which has a high authentication success rate and a low improper authentication rate and does not inconvenience users.

BRIEF DESCRIPTION OF THE DRAWINGS

[0009]

Fig. 1 is a diagram showing an entire hardware configuration of a client.

Fig. 2 is a diagram showing an entire hardware configuration of a server.

Fig. 3 is a functional block diagram of reference biological data creating processing in Example 1.

Fig. 4 is a flowchart of the reference biological data creating processing in Example 1.

Fig. 5 is a functional block diagram of biological authentication processing in Example 1.

Fig. 6 is a flowchart (Part 1) of the biological authentication processing in Example 1.

Fig. 7 is a flowchart (Part 2) of the biological authentication processing in Example 1.

Fig. 8 is a functional block diagram of reference biological data creating processing in Example 2.

Fig. 9 is a flowchart of the reference biological data creating processing in Example 2.

Fig. 10 is a functional block diagram of reference biological data creating processing in Example 2.

Fig. 11 is a flowchart (Part 1) of the biological authentication processing in Example 2.

Fig. 12 is a flowchart (Part 2) of the biological authentication processing in Example 2.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0010] With reference to drawings, an embodiment of 
the present invention will be described below. Though 
examples will describe a case in which fingerprints are 
used as biological information, the biological information 
may be a palm vein pattern, an iris or the like. 

First Embodiment: 

[0011] Example 1 describes a case in which a specific user uses a specific client to perform biological authentication. Though a biological authentication system is constructed by connecting a client and a server over a network in Example 1, a cellular phone, a PDA (Personal Data Assistant) or the like may be used, for example, instead of the client.

Hardware Configuration Diagram: 

[0012] Figs. 1 and 2 are block diagrams schematically showing examples of hardware configurations of a client 0 and a server 100 constructing a biological authentication system.

[0013] The client 0 is constructed by connecting a CPU (Central Processing Unit) 2 that performs computing processing, an operating section 4 that receives the input of data, a display section 6 that displays information, a ROM (Read Only Memory) 8 that stores a program, a RAM (Random Access Memory) 10 that executes a program and/or stores data, an input device 12 that reads biological information of a user as an image, an external storage device 14 that stores a biological authentication program and unique information, which is information unique to the client 0, for example, and a network interface 16 that exchanges data with the server 100 over a network through a bus 18.

[0014] The server 100 is constructed by connecting a CPU (Central Processing Unit) 102 that performs computing processing, an operating section 104 that receives the input of data, a display section 106 that displays information, a ROM (Read Only Memory) 108 that stores a program, a RAM (Random Access Memory) 110 that executes a program and/or stores data, an external storage device 114 that stores a biological authentication program and reference biological data, which is a reference for a user, for example, and a network interface 116 that exchanges data with the client 0 over a network through a bus 118.

[0015] In the client 0, in response to a command to perform biological authentication from the operating section 4 by a user, the CPU 2 displays on the display section 6 an instruction to use the input device 12 to input biological information. The input device 12 reads biological information of the user as an image. Then, the CPU 2 executes a biological authentication program by loading and expanding the biological authentication program from the external storage device 14 to the RAM 10. The biological authentication program creates biological data from the image of the biological information read by the input device 12. The biological data is transmitted to the server 100 through the network interface 16.

[0016] Also in the server 100, the CPU 102 executes a biological authentication program in the same manner by loading and expanding the biological authentication program from the external storage device 114 to the RAM 110. The biological authentication program performs biological authentication by comparing the biological data transmitted from the client 0 and reference biological data stored in the external storage device 114.

[0017] Notably, the biological authentication program is not always required to be stored in the external storage devices 14 and 114 from the beginning. For example, the biological authentication program may be stored from a program provider side to the external storage devices 14 and 114 through a public switched line, the Internet, a LAN, a WAN or the like. The biological authentication program stored in a portable storage medium may be set in the client and the server and be executed by the CPUs 2 and 102. Storage media in various forms are applicable as the portable storage medium such as a CD-ROM, an optical disk and a DVD.

Functional Block Diagram (Part 1): 

[0018] Fig. 3 is a functional block diagram schematically showing an example of a reference biological data creating function. The reference biological data creating function is constructed by the client 0 and the server 100. The reference biological data creating function of the client 0 is constructed by biological information input means 202, biological data creating means 204, reference biological data creating means 206, unique information determining means 208, unique information storing means 210, registration result receiving means 213, registration result notifying means 214 and client communication means 216. The reference biological data creating function of the server 100 is constructed by server communication means 316, unique information overlap checking means 301 and reference biological data storing means 302. The means of the reference biological data creating function will be described below.

Biological Information Input Means: 

[0019] The biological information input means 202 reads fingerprints, which are biological information of a user, as an image. Then, the biological information input means 202 commands the biological data creating means 204 to create biological data based on the read fingerprint image.

Biological Data Creating Means: 

[0020] The biological data creating means 204 extracts a characteristic point, for example, from the user's fingerprint image read by the biological information input means 202 and creates biological data, which the reference biological data creating means 206 uses as the basis for creating the reference biological data for the user. The biological data is also used by one-to-N comparing means 304 for comparison with the reference biological data. The reference biological data creating means 206 and one-to-N comparing means 304 will be described later.

Unique Information Determining Means:

[0021] The unique information determining means 208 determines unique information to be associated with the biological data for creating the reference biological data by the reference biological data creating means 206. The unique information is only required to determine a client uniquely. As the unique information, a MAC address, which is a unique value to a client, is applicable. The reference biological data creating means 206 will be described later.

Reference Biological Data Creating Means:

[0022] The reference biological data creating means 206 creates reference biological data that associates biological data and unique information. The reference biological data is used for comparison by the one-to-N comparing means 304.

Unique Information Storing Means: 

[0023] The unique information storing means 210 
stores unique information determined by the unique in- 
formation determining means. 

Registration Result Receiving Means: 

[0024] The registration result receiving means 213 determines whether reference biological data has been stored in the reference biological data storing means 302 or not. The reference biological data storing means 302 will be described later.

Registration Result Notifying Means: 

[0025] The registration result notifying means 214 displays on the display section 6 that reference biological data has been stored in the reference biological data storing means 302 and notifies a user that the reference biological data has been registered with the server.

Client Communication Means:

[0026] The client communication means 216 transmits reference biological data created by the reference biological data creating means 206 to the server. The client communication means 216 further receives from the server the notification that reference biological data has been registered with the server. The client communication means 216 additionally exchanges data with the server.

Reference Biological Data Storing Means: 

[0027] The reference biological data storing means 
302 stores reference biological data transmitted from a 

Unique Information Overlap Checking Means:

[0028] The unique information overlap checking means 301 determines whether any overlap exists between the unique information of reference biological data transmitted from a client and the unique information of reference biological data already stored in the reference biological data storing means 302 or not. If no overlaps exist in the unique information, the reference biological data is stored in the reference biological data storing means 302. Then, the unique information overlap checking means 301 transmits the fact that the storing has completed to a client through the server communication means 316. On the other hand, if some overlap exists in the unique information, the unique information overlap checking means 301 transmits a request for the reset of unique information to a client through the server communication means 316. The server communication means 316 will be described later.

Server Communication Means:

[0029] The server communication means 316 receives reference biological data transmitted from a client. The server communication means 316 transmits to a client that the unique information overlap checking means 301 has completely stored reference biological data in the reference biological data storing means 302. The server communication means 316 additionally exchanges data with a client.

Flow of Preparation: 

[0030] With reference to Fig. 4, processing of creating reference biological data, which is a reference for a user in a comparison operation, will be described below.

[0031] In step S001, the biological information input means 202 captures a fingerprint image of a user, which is input through the input device 12 in the client 0. The processing moves to step S002.

[0032] In step S002, the biological data creating section 204 creates biological data based on the user's fingerprint image captured by the biological information input means 202. The processing moves to step S003.

[0033] In step S003, the unique information determining means 208 determines unique information. Notably, the unique information may be a random number generated by a client or a server instead of the one described above. The processing moves to step S004.

[0034] In step S004, the reference biological data creating means 206 creates reference biological data that associates biological data and unique information. Based on this, even if multiple pieces of reference biological data are similar to input user's biological data, the biological authentication can be performed based on the unique information. The processing moves to step S005.

[0035] In step S005, the client communication means 216 transmits the reference biological data created by the reference biological data creating means to the server communication means 316 to register the reference biological data with the server 100. The processing moves to step S006.

[0036] In step S006, the server communication means 316 receives the reference biological data transmitted from the client communication means 216. The processing moves to step S007.

[0037] In step S007, the unique information overlap checking means 301 compares the unique information of the reference biological data already stored in the reference biological data storing means 302 and the unique information of the reference biological data received by the server communication means 316 in step S006 and determines whether the unique information overlaps with each other or not. If the unique information overlaps, the processing moves to step S008 where the server communication means 316 transmits the fact that the registration has failed to the client communication means 216. On the other hand, if no unique information overlaps, the processing moves to step S009. Thus, the reference biological data having the overlapping unique information can be prevented from being stored in the server 100. Then, the one-to-N comparing means 304 can perform the biological authentication, keeping the security based on the unique information.

[0038] In step S009, the unique information overlap checking means 301 stores the reference biological data received in step S006 in the reference biological data storing means 302. The processing moves to step S010.

[0039] In step S010, the server communication means 316 transmits the fact that the registration has succeeded to the client communication means 216. The processing moves to step S011.

[0040] In step S011, the registration result receiving means 213 determines whether the result transmitted from the server communication means 316 to the client communication means 216 is the registration success or not. If so, the processing moves to step S012. If not on the other hand, the processing returns to step S003, and the processing above is repeated.

[0041] In step S012, the unique information determining means 208 stores the unique information determined in step S003 in the unique information storing means 210. The processing moves to step S013.

[0042] In step S013, the registration result notifying means 214 displays the fact that the reference biological data has been successfully registered on the display section 6 of the client 0. The processing ends.

Functional Block Diagram (Part 2): 

[0043] Fig. 5 is a functional block diagram schematically showing an example of the biological authentication function. The biological authentication function is constructed by the client 0 and the server 100. The biological authentication function of the client 0 is constructed by biological information input means 202, biological data creating means 204, unique information storing means 210, client communication means 216, one-to-N comparison result receiving means 218, and one-to-N comparison result notifying means 220. The biological authentication function of the server 100 is constructed by server communication means 316, reference biological data storing means 302, one-to-N comparing means 304, one-to-N comparison result determining means 308, personal identity candidate data storing means 310, unique information requesting means 312 and unique information comparing means 318. The means of the biological authentication function will be described below. The same reference numerals are given to the means described on the functional block diagram (Part 1) in Fig. 3, and the description will be omitted.

One-To-N Comparison Result Receiving Means: 

[0044] The one-to-N comparison result receiving means 218 determines whether the comparison result transmitted from the server 100 is the authentication success or not. Then, the one-to-N comparison result receiving means 218 notifies the comparison result to the one-to-N comparison result notifying means 220. If the comparison result transmitted from the server 100 is the authentication failure and if obtaining unique information is requested by the server 100, the one-to-N comparison result receiving means 218 obtains the unique information from the unique information storing means 210.

One-To-N Comparison Result Notifying Means:

[0045] The one-to-N comparison result notifying means 220 displays the comparison result notified from the one-to-N comparison result receiving means 218 on the display section 6 of the client 0.

One-To-N Comparing Means:

[0046] The one-to-N comparing means 304 calculates 
the degree of agreement by comparing the biological da- 
ta transmitted from a client and the reference biological 
data stored in the reference biological data storing means 
302. The expression, "degree of agreement", here refers 
to the degree of agreement between the biological data 
and the reference biological data. 

One-To-N Comparison Result Determining Means: 

[0047] The one-to-N comparison result determining means 308 compares the degree of agreement calculated by the one-to-N comparing means 304 and a threshold value defined by a user and obtains the reference biological data beyond the threshold value. Then, the one-to-N comparison result determining means 308 determines whether the authentication has succeeded or not by determining whether the degree of agreement is equal to or higher than the defined threshold value or not. Notably, the threshold value is desirably defined based on the aimed security level. If the reference biological data beyond the threshold value is unique, the one-to-N comparison result determining means 308 transmits the fact of the authentication success to the client through the server communication means 316. If multiple pieces of reference biological data are beyond the threshold value, the one-to-N comparison result determining means 308 stores the reference biological data in the personal identity candidate data storing means 310. Then, the one-to-N comparison result determining means 308 commands the unique information requesting means 312 to obtain unique information stored in the client. If the authentication success is determined based on the unique information, the one-to-N comparison result determining means 308 transmits the fact of the authentication success to the client 0 through the server communication means 316. The unique information requesting means 312 will be described later.

Personal Identity Candidate Data Storing Means: 

[0048] The personal identity candidate data storing means 310 stores multiple pieces of reference biological data obtained by the one-to-N comparison result determining means 308.

Unique Information Requesting Means:

[0049] The unique information requesting means 312 requests unique information to a client through the server communication means 316.

Unique Information Comparing Means:

[0050] The unique information comparing means 318 compares the unique information obtained by the unique information requesting means 312 and the unique information of the multiple pieces of reference biological data stored on the personal identity candidate data storing means 310 and determines whether any agreement exists between them or not. If some unique information agrees, the fact is notified to the one-to-N comparison result determining means 308.

Flow of Biological Authentication: 

[0051] With reference to Figs. 6 and 7, processing of 
the biological authentication will be described below. 
[0052] In step S101, the biological information input means 202 captures a fingerprint image of a user. The processing moves to step S102.

[0053] In step S102, the biological data creating means 204 creates biological data based on the user's fingerprint image captured by the biological information input means 202. The processing moves to step S103.

[0054] In step S103, the client communication means 216 transmits the biological data created by the biological data creating means 204 to the server communication means 316. The processing moves to step S104.

[0055] In step S104, the one-to-N comparing means 304 compares the biological data received by the server communication means 316 and multiple pieces of reference biological data already registered with the reference biological data storing means 302 and calculates the degree of agreement. The processing moves to step S105.

[0056] In step S105, the one-to-N comparison result determining means 308 compares the degree of agreement calculated in step S104 and a threshold value defined by a user and determines whether any reference biological data is beyond the threshold value or not. If so, the processing moves to step S106. If not on the other hand, the processing moves to step S107.

[0057] In step S106, the one-to-N comparison result determining means 308 determines whether multiple pieces of reference biological data are beyond the threshold value defined by the user or not. If so, the processing moves to step S109. If the reference biological data beyond the threshold value is unique on the other hand, the processing moves to step S108 where the one-to-N comparison result determining means 308 determines the authentication success. Then, the fact of the authentication success is transmitted from the server communication means 316 to the client communication means 216.
[0058] In step S109, the one-to-N comparison result determining means 308 stores the multiple pieces of reference biological data in the personal identity candidate data storing means 310 as candidates of the reference biological data of the identity of the user. The processing moves to step S110.

[0059] In step S110, the unique information requesting means 312 requests unique information from the server communication means 316 to the client 0. The processing moves to step S107.

[0060] In step S107, the one-to-N comparison result determining means 308 determines the authentication failure and transmits the fact of the authentication failure from the server communication means 316 to the client communication means 216. The processing moves to step S111.

[0061] In step S111, the one-to-N comparison result receiving means 218 determines whether the result transmitted from the server communication means 316 to the client communication means 216 is the authentication success or not. If so, the processing moves to step S112. If not on the other hand, the processing moves to step S113.

[0062] In step S113, the one-to-N comparison result receiving means 218 determines whether unique information has been requested from the server 100 or not. If so, the processing moves to step S114. If not on the other hand, the processing moves to step S118.

[0063] In step S114, the one-to-N comparison result receiving means 218 obtains unique information from the unique information storing means 210. The processing moves to step S115.

[0064] In step S115, the one-to-N comparison result receiving means 218 transmits the unique information from the client communication means 216 to the server communication means 316. The processing moves to step S116.

[0065] In step S116, the unique information comparing means 318 compares the unique information transmitted from the client communication means 216 and the unique information of the reference biological data stored in the personal identity candidate data storing means 310 and determines whether any unique information agrees or not. If so, the processing moves to step S117 where the authentication success is determined. Then, the unique information comparing means 318 transmits the fact of the authentication success from the server communication means 316 to the client communication means 216, and the processing moves to step S112. On the other hand, if no unique information agrees, the processing moves to step S118 where the authentication failure is determined. Then, the unique information comparing means 318 transmits the fact of the authentication failure from the server communication means 316 to the client communication means 216, and the processing moves to step S119. Thus, even if multiple pieces of reference biological data are similar to the input user's biological data as a result of the comparison performed by the one-to-N comparing means 304, the biological authentication can be performed based on the prestored unique information, which does not inconvenience users.
[0066] In step S112, the one-to-N comparison result notifying means 220 displays the fact of the authentication success on the display section 6 of the client 0 if the one-to-N comparison result receiving means 218 recognizes that the fact of the authentication success has been received from the client communication means 216. The processing ends.

[0067] In step S119, the one-to-N comparison result notifying means 220 displays the fact of the authentication failure on the display section 6 of the client 0 if the one-to-N comparison result receiving means 218 recognizes that the fact of the authentication failure has been received from the client communication means 216. The processing ends.
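
The registration flow (steps S001 to S013) and the authentication flow (steps S101 to S119) of Example 1, as an added Python example that is not part of the patent text. The Jaccard matcher, the 0.6 threshold, the session identifier, the retry limit and the feature sets are assumptions constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field

THRESHOLD = 0.6  # assumed value; the page only ties it to the aimed security level


def degree_of_agreement(probe: frozenset, reference: frozenset) -> float:
    """Toy matcher (assumption): Jaccard overlap of extracted feature points."""
    union = probe | reference
    return len(probe & reference) / len(union) if union else 0.0


@dataclass
class Server:
    references: list = field(default_factory=list)  # [(biological data, unique info)]
    candidates: dict = field(default_factory=dict)  # session -> candidate references

    def register(self, bio: frozenset, unique_info: bytes) -> bool:
        # S007: refuse unique information that is already stored (S008)
        if any(secrets.compare_digest(u, unique_info) for _, u in self.references):
            return False
        self.references.append((bio, unique_info))  # S009
        return True  # S010

    def authenticate(self, session: str, bio: frozenset) -> str:
        # S104/S105: one-to-N comparison against every stored reference
        hits = [r for r in self.references
                if degree_of_agreement(bio, r[0]) >= THRESHOLD]
        if not hits:
            return "failure"  # S107
        if len(hits) == 1:
            return "success"  # S108: a single match never consults unique info
        self.candidates[session] = hits  # S109
        return "unique_info_requested"  # S110, sent with the failure of S107

    def resolve(self, session: str, unique_info: bytes) -> str:
        # S116: compare only against the candidates kept for this attempt
        hits = self.candidates.pop(session, [])
        matched = any(secrets.compare_digest(u, unique_info) for _, u in hits)
        return "success" if matched else "failure"  # S117 / S118


@dataclass
class Client:
    server: Server
    unique_info: bytes = b""  # empty until registration succeeds

    def enroll(self, bio: frozenset, max_tries: int = 5) -> bool:
        for _ in range(max_tries):
            candidate = secrets.token_bytes(16)  # S003, random-number variant
            if self.server.register(bio, candidate):  # S004 to S011
                self.unique_info = candidate  # S012
                return True
        return False  # retry limit is an addition; the page loops back to S003

    def login(self, session: str, bio: frozenset) -> str:
        result = self.server.authenticate(session, bio)  # S101 to S111
        if result == "unique_info_requested":  # S113
            result = self.server.resolve(session, self.unique_info)  # S114 to S116
        return result


def run_demo() -> dict:
    server = Server()
    # Constructed feature sets: alice and bob overlap heavily, carol does not.
    alice, bob, carol = (frozenset(range(1, 11)),
                         frozenset(list(range(1, 10)) + [11]),
                         frozenset(range(20, 30)))
    phones = {name: Client(server) for name in ("alice", "bob", "carol", "other")}
    for name, bio in (("alice", alice), ("bob", bob), ("carol", carol)):
        assert phones[name].enroll(bio)
    return {
        "duplicate_unique_info": server.register(carol, phones["alice"].unique_info),
        "carol_single_match": phones["carol"].login("s1", carol),
        "alice_ambiguous_own_client": phones["alice"].login("s2", alice),
        "alice_ambiguous_other_client": phones["other"].login("s3", alice),
        "no_match": phones["alice"].login("s4", frozenset(range(40, 50))),
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

As in the flow above, the unique information decides only between references that already exceed the threshold; when exactly one reference matches, authentication succeeds without it.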

Second Embodiment: 

[0068] The second embodiment describes a case in which an indefinite number of users use a specific client to perform biological authentication. Since the hardware construction of the biological authentication system is the same as the one described with reference to Figs. 1 and 2 in Example 1, the description will be omitted.

Functional Block Diagram (Part 3): 

[0069] Fig. 8 is a functional block diagram schematically showing an example of a reference biological data creating function. The reference biological data creating function is constructed by the client 0 and the server 100. The reference biological data creating function of the client 0 is constructed by biological information input means 202, biological data creating means 204, reference biological data creating means 206, group information selecting/determining means 222, group information storing means 224, reference biological data overlap notifying means 226, registration result receiving means 213, registration result notifying means 214 and client communication means 216. The reference biological data creating function of the server 100 is constructed by server communication means 316, reference biological data overlap checking means 320, and reference biological data storing means 302. The means of the reference biological data creating function will be described below. The same reference numerals are given to the means already described with reference to the functional block diagrams (Part 1) and (Part 2) in Example 1, and the description will be omitted.

Group Information Storing Means: 

[0070] The group information storing means 224 stores information from which a user is not completely identifiable, such as the organization that the user belongs to and the birth year of the user. In Example 2, the organizations (i.e. divisions) that users belong to, such as "Authentication System Research Division" and "Patent Division", are stored in the group information storing means 224.

Group Information Selecting/determining Means: 

[0071] The group information selecting/determining means 222 selects an organization that a user belongs to from the group information storing means. In the reference biological data creating means 206, the selected organization is associated with the biological data created by the biological data creating means 204, and the two together become the reference biological data.

Reference Biological Data Overlap Notifying Means:

[0072] The reference biological data overlap checking means 320 determines whether any similar reference biological data has already been stored in the reference biological data storing means. If so, the reference biological data overlap notifying means 226 displays the fact on the display section 106. The reference biological data overlap checking means 320 will be described later.

Reference Biological Data Checking Means: 

[0073] The reference biological data overlap checking 
means 320 calculates the degree of agreement between 
the reference biological data transmitted from a client 
and the reference biological data already stored in the 
reference biological data storing means 302. If the refer- 
ence biological data has the same group information and 
the degree of agreement equal to or higher than a defined 
threshold value, the fact is transmitted to the client 
through the server communication means 316. 

Flow of Preparation: 

[0074] With reference to Fig. 9, processing of creating 
reference biological data from which a user is identifiable 
in a comparison operation will be described below. 
[0075] In step S201, the biological information input 
means 202 images a fingerprint image of a user, which 
is input from the input device 12 of the client 0. The 
processing moves to step S202. 
[0076] In step S202, the biological data creating sec- 
tion 204 creates biological data based on the user's fin- 
gerprint image imaged by the biological information input 
means 202. The processing moves to step S203. 
[0077] In step S203, the group information selecting/ 
determining means 222 selects the division from the 
group information storing means 224 based on an oper- 
ation by a user through the operating section 4 of the 
client 0. The processing moves to step S204. 
[0078] In step S204, the reference biological data cre- 
ating section 206 creates reference biological data that 
associates the biological data and the division. The 
processing moves to step S205. 
[0079] In step S205, the client communication means 
216 transmits the reference biological data created by 
the reference biological data creating means 206 to the 
server communication means 316. The processing 
moves to step S206. 

[0080] In step S206, the server communication means 316 receives the reference biological data transmitted from the client communication means 216. The processing moves to step S207.

[0081] In step S207, the reference biological data overlap checking means 320 compares the reference biological data already stored in the reference biological data storing means 302 and the reference biological data received by the server communication means 316 in step S206 and calculates the degree of agreement. Then, the reference biological data overlap checking means 320 determines whether any reference biological data has the degree of agreement beyond a threshold value defined by a user or not. If so, the processing moves to step S208 where the server communication means 316 transmits the fact of the registration failure to the client communication means 216. If not on the other hand, the processing moves to step S209. Thus, reference biological data having the same division and similar biological data can be prevented from being registered with the server.

[0082] In step S209, the reference biological data overlap checking means 320 stores the reference biological data received in step S206 to the reference biological data storing means 302. The processing moves to step S210.

[0083] In step S210, the server communication means 316 transmits the fact of the registration success to the client communication means 216. The processing moves to step S211.

[0084] In step S211, the registration result receiving means 213 determines whether the result transmitted from the server communication means 316 is the registration success or not. If so, the processing moves to step S213. If not on the other hand, the processing moves to step S212.

[0085] In step S212, the registration result notifying 
means 214 displays the fact of the registration failure on 
the display section 6 of the client 0. The processing ends. 
[0086] In step S213, the registration result notifying
means 214 displays the fact of the registration success 
on the display section 6 of the client 0. The processing 

Functional Block Diagram (Part 4):

[0087] Fig. 10 is a functional block diagram schematically showing an example of a biological authentication function. The biological authentication function is constructed by the client 0 and the server 100. The biological authentication function of the client 0 is constructed by the biological information input means 202, biological data creating means 204, one-to-N comparison result receiving means 218, one-to-N comparison result notifying means 220, group information storing means 224 and client communication means 216. The biological authentication function of the server 100 is constructed by server communication means 316, reference biological data storing means 302, one-to-N comparing means 304, one-to-N comparison result determining means 308, personal identity candidate data storing means 310, group information requesting means 318 and group information comparing means 322. The means of the biological authentication function will be described below. The same reference numerals are given to the means already described with reference to the functional block diagrams (Part 1) and (Part 2) in Example 1 and the functional block diagram (Part 3) in Example 2, and the description will be omitted.

Group Information Requesting Means: 

[0088] The group information requesting means 318 requests group information from a client through the server communication means 316. The group information in Example 2 is the division information of a user as described
Group Information Comparing Means: 

[0089] The group information comparing means 322 compares the group information obtained by the group information requesting means 318 and the group information of the reference biological data stored in the personal identity candidate data storing means 310 and determines whether any agreement exists therebetween or not. If so, the fact is notified to the one-to-N comparison result determining means 308.

Flow of Biological Authentication: 

[0090] With reference to Figs. 11 and 12, the processing of the biological authentication in Example 2 will be described below. In this example, when a client is started by a user, the group information is defined. The defined group information is stored in the group information storing means 224.

[0091] In step S301, the biological information input 
means 202 images a fingerprint image of the user. The 
processing moves to step S302. 
[0092] In step S302, the biological data creating means 204 creates biological data based on the user's fingerprint image imaged by the biological information input means 202. The processing moves to step S304.
[0093] In step S304, the client communication means 216 transmits the biological data created by the biological data creating means 204 to the server communication means 316. The processing moves to step S305.
[0094] In step S305, the one-to-N comparing means 
304 compares the biological data received by the server 
communication means 316 and multiple pieces of refer- 
ence biological data already registered with the reference 
biological data storing means 302 and calculates the de- 
gree of agreement. The processing moves to step S306. 
[0095] In step S306, the one-to-N comparison result 
determining means 308 determines whether any refer- 
ence biological data is beyond a threshold value defined 
by the user or not as a result of the comparison in step 
S305. If so, the processing moves to step S307. If not on 
the other hand, the processing moves to step S308. 
[0096] In step S307, the one-to-N comparison result determining means 308 determines whether multiple pieces of reference biological data have the degree of agreement beyond the threshold value defined by the user or not. If so, the processing moves to step S310. If only one reference biological data is beyond the threshold value, the processing moves to step S309 where the one-to-N comparison result determining means 308 determines the authentication success. Then, the fact of the authentication success is transmitted from the server communication means 316 to the client communication means 216.

[0097] In step S310, the one-to-N comparison result determining means 308 stores the multiple pieces of reference biological data having the degrees of agreement beyond the threshold value defined by the user in the personal identity candidate data storing means 310 as the reference biological data of the identity of the user. The processing moves to step S311.
[0098] In step S311, the group information requesting means 318 requests group information from the server communication means 316 to the client 0. The processing moves to step S308.

[0099] In step S308, the one-to-N comparison result determining means 308 determines the authentication failure and transmits the fact of the authentication failure from the server communication means 316 to the client communication means 216. The processing moves to step S312.

[0100] In step S312, the one-to-N comparison result receiving means 218 determines whether the result transmitted from the server communication means 316 to the client communication means 216 is the authentication success or not. If so, the processing moves to step S313. If not on the other hand, the processing moves to step S314.

[0101] In step S314, the one-to-N comparison result receiving means 218 determines whether group information has been requested from the server 100 or not. If so, the processing moves to step S315. If not on the other hand, the processing moves to step S319.

[0102] In step S315, the one-to-N comparison result receiving means 218 obtains group information from the group information storing means 224. The processing moves to step S316.

[0103] In step S316, the one-to-N comparison result receiving means 218 transmits group information from the client communication means 216 to the server communication means 316. The processing moves to step S317.

[0104] In step S317, the group information comparison means 322 compares the group information transmitted from the client communication means 216 and the group information of the reference biological data stored in the personal identity candidate data storing means 310 and determines whether any group information agrees. If so, the processing moves to step S318 where the authentication success is determined. Then, the group information comparison means 322 transmits the fact of the authentication success from the server communication means 316 to the client communication means 216, and the processing moves to step S313. If not on the other hand, the processing moves to step S319 where the authentication failure is determined. Then, the group information comparing means 322 transmits the fact of the authentication failure from the server communication means 316 to the client communication means 216, and the processing moves to step S320. Thus, even if multiple pieces of reference biological data are similar to the input user's biological data as a result of the comparison by the one-to-N comparing means 304, the biological authentication can be performed based on the prestored group information, which does not inconvenience users.
[0105] In step S313, the one-to-N comparison result notifying means 220 displays the fact of the authentication success on the display section 6 of the client 0 if the one-to-N comparison result receiving means 218 recognizes that the fact of the authentication success has been received from the client communication means 216. The processing ends.

[0106] In step S320, the one-to-N comparison result notifying means 220 displays the fact of the authentication failure on the display 6 of the client 0 if the one-to-N comparison result receiving means 218 recognizes that the fact of the authentication failure has been received from the client communication means 216. The processing ends.
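The registration flow of Fig. 9 (steps S207 to S210) and the authentication flow of Figs. 11 and 12 (steps S305 to S319), as an added Python example that is not part of the patent text. The bit-agreement matcher, the 0.8 threshold, the four-byte templates, the "Sales Division" value and all class and function names are assumptions made for illustration; the overlap check follows paragraph [0073] (same group and agreement at or above the threshold).

```python
from dataclasses import dataclass, field

THRESHOLD = 0.8  # assumed value; the page leaves the threshold user-defined


def agreement(a: bytes, b: bytes) -> float:
    """Toy degree of agreement: share of equal bits (stand-in for a real matcher)."""
    if len(a) != len(b):
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


@dataclass
class Server:
    references: list = field(default_factory=list)  # (biological data, division)

    def register(self, data: bytes, division: str) -> bool:
        """S207-S210: refuse a similar template that carries the same division."""
        for ref_data, ref_division in self.references:
            if ref_division == division and agreement(data, ref_data) >= THRESHOLD:
                return False  # S208: registration failure
        self.references.append((data, division))  # S209
        return True  # S210: registration success

    def authenticate(self, probe: bytes, ask_client_group) -> str:
        """S305-S319: one-to-N comparison, group information only on ambiguity."""
        candidates = [division for data, division in self.references
                      if agreement(probe, data) >= THRESHOLD]  # S305, S306
        if not candidates:
            return "failure"  # S308
        if len(candidates) == 1:
            return "success"  # S309: exactly one reference above the threshold
        group = ask_client_group()  # S310, S311, S315, S316
        return "success" if group in candidates else "failure"  # S317-S319


def demo() -> dict:
    """Constructed templates and divisions ("Sales Division" is made up)."""
    alice, bob, carol = (bytes.fromhex(h) for h in ("f0f0f0f0", "f0f0f0ff", "0f0f0f0f"))
    server, asked = Server(), []
    def client_group(name):
        def answer():
            asked.append(name)  # record each group-information request
            return name
        return answer
    out = {
        "alice": server.register(alice, "Patent Division"),
        "bob_other_division": server.register(bob, "Authentication System Research Division"),
        "bob_same_division": server.register(bob, "Patent Division"),
        "carol": server.register(carol, "Patent Division"),
    }
    noisy_alice, noisy_carol = bytes.fromhex("f0f0f0f1"), bytes.fromhex("0f0f0f0e")
    out["unique"] = server.authenticate(noisy_carol, client_group("Patent Division"))
    out["asked_after_unique"] = list(asked)
    out["ambiguous_resolved"] = server.authenticate(noisy_alice, client_group("Patent Division"))
    out["ambiguous_unknown"] = server.authenticate(noisy_alice, client_group("Sales Division"))
    out["stranger"] = server.authenticate(bytes.fromhex("aaaaaaaa"), client_group("Patent Division"))
    out["asked"] = asked
    return out


if __name__ == "__main__":
    print(demo())
```

Because registration rejects similar templates only within one division, similar templates in different divisions coexist on the server, and in the ambiguous case the division value sent by the client is the only input that decides the result.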

[0107] The embodiments above describe the present invention more specifically for better understanding and do not limit the form. Therefore, any changes are possible without departing from the spirit and scope of the present invention. For example, in Example 2, if multiple pieces of reference biological data exist as a result of one-to-N comparison and the identity of a user is not identifiable even by using group information, a construction is possible in which the fact that the user belongs to the group may be transmitted to a client and a specific right may be only given to the user, without the determination of the authentication failure. Although Example 2 is described as a client-server system, a stand-alone system having a client only may be adopted, for example. Alternatively, in Examples 1 and 2, the client communication means 216 and server communication means 316 may be configured to encode specific data and transmit the encoded data over a network.

Claims 

1. A biometric authentication method comprising:

obtaining biometric data of a user by inputting biometric information of the user by a client;
sending said biometric data obtained by the client and identification information of the client to

performing authentication of the user by the server on the basis of said biometric data and said identification information received by the server and reference biometric data of the user and reference identification information of the client stored in the server.

2. The biometric authentication method of claim 1, wherein said identification information of the client is unique information of the client or division information indicating a division to which the user belongs.

3. The biometric authentication method of claim 1, wherein said identification information of the client is a MAC address of the client.

4. The biometric authentication method of claim 1, wherein said identification information of the client is a random number generated by the client or the


5. A system comprising:

a client for obtaining biometric data on the basis of biometric information of a user inputted to the client, and for sending out said biometric data obtained by the client and identification information of the client; and

a server storing reference biometric data of the user and reference identification information of the client, for performing authentication of the user on the basis of said biometric data and said identification information received from the client in reference to said reference biometric data and said reference identification information of the client.

6. The system of claim 5, wherein said identification information of the client is unique information of the client or division information indicating a division to which the user belongs.

7. The system of claim 5, wherein said identification information of the client is a MAC address of the client.

8. The system of claim 5, wherein said identification information of the client is a random number generated by the client or the server.

9. A server capable of communicating with a client for obtaining biometric data of a user on the basis of biometric information of the user inputted at the client, the server comprising:

a storage unit storing reference biometric data of the user and reference identification information of the client, and

a central processing unit for performing authentication of the user on the basis of said biometric data obtained by the client and identification information of the client received from the client in reference to said reference biometric data and said reference identification information of the client.

10. The server of claim 9, wherein said identification information of the client is unique information of the client or division information indicating a division to which the user belongs.

11. The server of claim 9, wherein said identification information of the client is a MAC address of the client.

12. The server of claim 9, wherein said identification in- 
formation of the client is a random number generated 
by the client or the server. 
